This provides the mini-LSM "loadpin" that intercepts the now consolidated kernel_file_read LSM hook so that a system can keep all loads coming from a single trusted filesystem. This is what Chrome OS uses to pin kernel module and firmware loading to the read-only crypto-verified dm-verity partition so that kernel module signing is not needed.
-Kees v4: - add missing "const" to char * src, joe v3: - changed module parameter to "loadpin.enabled" - add sysctl docs, akpm - add general use function for enum, zohar - add gfp_t, joe - clean up loops, andriy.shevchenko - reduce BUG_ON to WARN_ON, joe v2: - break out utility helpers into separate functions - have Yama use new helpers too -- To unsubscribe from this list: send the line "unsubscribe linux-doc" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
